Skip to content

Commit

Permalink
chore: update ansible docker deployment steps
Browse files Browse the repository at this point in the history
feat: add steps to create ami image and push to marketplace

feat: add steps to publish ami image

chore: update github action changes

update github actions to assume role
  • Loading branch information
pratapalakshmi committed Sep 22, 2024
1 parent 5dae083 commit 9ffca89
Show file tree
Hide file tree
Showing 18 changed files with 284 additions and 20 deletions.
43 changes: 43 additions & 0 deletions .github/workflows/packer-build-ami.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: Packer build AWS AMI's
on:
workflow_dispatch:
branches:
- prod

jobs:
plan:
environment: Terraform
defaults:
run:
working-directory: /home/runner/work/ballerine/deploy/aws_ami
runs-on: ubuntu-latest
name: Packer build Artifacts
steps:
- name: Checkout to Git
uses: actions/checkout@v2

- name: Assume Role
uses: ./
env:
ROLE_ARN: ${{ secrets.AWS_PACKER_ROLE }}
ROLE_SESSION_NAME: packersession
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DURATION_SECONDS: 900

- name: Setup `packer`
uses: hashicorp/setup-packer@main
id: setup
with:
version: 1.8.7

- name: Run `packer init`
id: init
run: "packer init template.json.pkr.hcl"

- name: Run `packer validate`
id: validate
run: "packer validate template.json.pkr.hcl"

- name: Build AWS AMIs
run: "packer build template.json.pkr.hcl"
4 changes: 2 additions & 2 deletions deploy/ansible/ballerine_playbook/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ You can run the ansible playbook with the following command

```bash
cd ballerine/deploy/ansible/ballerine_playbook
ansible-playbook -i inventory.txt ballerine-playbook.yml
ansible-playbook -i inventory.txt ballerine-playbook.yml --skip-tags packer
```

The command above will use the host information from the `inventory` file.
Expand All @@ -110,4 +110,4 @@ When it's all done, provided all went well and no parameters were changed, you s

## Make entries to the DNS server

Make sure the appropriate entries for the url in DNS are created
Make sure the appropriate entries for the url in DNS are created
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@
docker_edition: 'ce'
docker_package: 'docker-{{ docker_edition }}'
docker_package_state: present
default_user: ubuntu

cloud_user: ballerine
cloud_group: ballerine

# Service options.
docker_service_state: started
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
- name: Remove sensitive credential (1)
shell: find / -name "authorized_keys" -exec rm -f {} \;
become: true

- name: Remove sensitive credential (2)
shell: find /root/ /home/*/ -name .cvspass -exec rm -f {} \;
become: true

- name: Restart rsyslog
shell: service rsyslog restart
become: true
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
- name: Clone Ballerine
git:
repo: https://github.com/ballerine-io/ballerine.git
dest: "{{ install_dir }}"
version: dev
clone: yes
update: yes
ignore_errors: yes
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
- name: Deploy Ballerine with localhost
shell: sudo docker-compose -f docker-compose-build.yml up -d
args:
chdir: "{{ install_dir }}/deploy"
when: vite_api_url == ""

- name: Deploy Ballerine with custom Domain
shell: sudo docker-compose -f docker-compose-build-https.yml up -d
args:
chdir: "{{ install_dir }}/deploy"
when: vite_api_url != ""
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,13 @@
- libnss3-tools
state: latest
become: true
tags:
- always


- name: Upgrade dist to apply security fixes
ansible.builtin.apt:
upgrade: dist
become: true
tags:
- always


- name: Ensure old versions of Docker are not installed
package:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,25 @@
package_facts:
manager: auto

- include_tasks: install-docker.yml
- import_tasks: install-docker.yml

- import_tasks: start-docker.yml

- import_tasks: clone-ballerine.yml

- import_tasks: setup-init-config.yml
tags: packer

- import_tasks: setup-ballerine.yml

- import_tasks: setup-ballerine-runtime.yml
tags: packer

- import_tasks: deploy-ballerine.yml
tags: deploy

- import_tasks: setup-user-data.yml
tags: packer

- import_tasks: cleanup-packer-build.yml
tags: packer
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
- name: create runtime path folder
file:
dest: "{{ install_dir }}/scripts"
mode: 0755
recurse: yes
owner: "{{ cloud_user }}"
group: "{{ cloud_group }}"
state: directory

- name: create boot script
template:
src: templates/boot.sh
dest: "{{ install_dir }}/scripts/boot.sh"
mode: 0755

- name: create reboot entry job
cron:
name: "ballerine job"
special_time: reboot
user: "{{ cloud_user }}"
job: "{{ install_dir }}/scripts/boot.sh"

- name: setup ssh key for ballerine user
copy:
src: templates/init-ssh.sh
dest: /var/lib/cloud/scripts/per-instance
mode: 0755
owner: "{{ cloud_user }}"
group: "{{ cloud_group }}"
become: true

- name: setup ssh key for {{ default_user }} user
copy:
src: templates/init-ssh.sh
dest: /var/lib/cloud/scripts/per-instance
mode: 0755
owner: "{{ default_user }}"
group: "{{ cloud_group }}"
become: true
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
---

- name: Replace VITE URL for backoffice
lineinfile:
path: '~/ballerine/apps/backoffice-v2/.env.example'
Expand Down Expand Up @@ -33,16 +34,4 @@
ansible.builtin.template:
src: templates/Caddyfile.j2
dest: "{{ install_dir }}/deploy/caddy/Caddyfile"
when: vite_api_url != ""

- name: Deploy Ballerine up locally
shell: docker-compose -f docker-compose-build.yml up -d
args:
chdir: "{{ install_dir }}/deploy"
when: vite_api_url == ""

- name: Deploy Ballerine up remote
shell: docker-compose -f docker-compose-build-https.yml up -d
args:
chdir: "{{ install_dir }}/deploy"
when: vite_api_url != ""
when: vite_api_url != ""
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
- name: deploy cloud init config file
template: src=templates/cloud-config.cfg dest=/etc/cloud/cloud.cfg.d/defaults.cfg
become: true

- name: create group ballerine
group: name={{ cloud_user }} state=present
become: true

- name: create user ballerine
user: name={{ cloud_user }} groups={{ cloud_group }}
become: true

- name: create user {{ default_user }}
user: name={{ default_user }} groups={{ cloud_group }}
become: true

- name: add sudoers group for user {{ cloud_user }}
copy:
content: 'ballerine ALL=(ALL) NOPASSWD: ALL'
dest: /etc/sudoers.d/ballerine
mode: 0440
owner: root
group: root
become: true
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
- name: setup runtime user data
copy:
src: ../templates/user-data.sh
dest: /var/lib/cloud/scripts/per-instance
mode: 0755
owner: "{{ cloud_user }}"
group: "{{ cloud_group }}"
become: true
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
#!/bin/bash

cd /home/ballerine/ballerine

git checkout dev ; git pull

cd /home/ballerine/ballerine/deploy

sudo docker-compose -f docker-compose-build.yml pull

sudo docker-compose -f docker-compose-build.yml up -d
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
#cloud-config
system_info:
default_user:
name: ballerine
lock_passwd: false
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
#!/bin/bash

authorized_keys_path=/home/ballerine/.ssh/authorized_keys
if [[ ! -e "$authorized_keys_path" ]]; then
echo "Setting SSH key"
sudo cp ~/.ssh/authorized_keys "$authorized_keys_path"
sudo chown ballerine:ballerine "$authorized_keys_path"
fi

authorized_keys_ubuntu_path=/home/ubuntu/.ssh/authorized_keys
if [[ ! -e "$authorized_keys_ubuntu_path" ]]; then
echo "Setting SSH key for ubuntu user"
sudo mkdir -p /home/ubuntu/.ssh/
sudo chmod -R 700 /home/ubuntu/.ssh/
sudo cp ~/.ssh/authorized_keys "$authorized_keys_ubuntu_path"
sudo chown -R ubuntu:ballerine /home/ubuntu/.ssh/
fi
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#!/bin/bash

default_user_name="[email protected]"
default_user_password=admin

echo "${default_user_name}:${default_user_password}" > /home/ballerine/ballerine/credential

echo -e "\n***************************************************\n* Default username : $default_user_name *\n* Default password : $default_user_password *\n***************************************************\n" >/dev/console
5 changes: 5 additions & 0 deletions deploy/aws_ami/defaults.cfg
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
#cloud-config
system_info:
default_user:
name: ballerine
lock_passwd: false
62 changes: 62 additions & 0 deletions deploy/aws_ami/template.json.pkr.hcl
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
# Configuration - AWS base image
variable "base_ami" {
type = string
default = "ami-01e444924a2233b07" # Ubuntu 22.04.2 LTS
}

# Configuration - AWS provisioning instance type
variable "instance_type" {
type = string
default = "t2.micro"
}

# Configuration - AWS subnet
variable "subnet_id" {
type = string
default = "subnet-01d1b883a41235506"
}

# Configuration - AWS VPC
variable "vpc_id" {
type = string
default = "vpc-0ed0113663b1fbf40"
}


# "timestamp" template function replacement
locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }

# Variable - AMI naming
locals {
image_name = "ballerine-marketplace-snapshot-${local.timestamp}"
}

# Builder - Provision AWS instance
source "amazon-ebs" "ballerine-aws-ami" {
ami_name = "ballerine-ami-${local.timestamp}"
instance_type = "${var.instance_type}"
launch_block_device_mappings {
delete_on_termination = true
device_name = "/dev/sda1"
volume_size = 25
volume_type = "gp2"
}
region = "eu-central-1"
source_ami = "${var.base_ami}"
ssh_username = "ballerine"
subnet_id = "${var.subnet_id}"
vpc_id = "${var.vpc_id}"
skip_create_ami = false
user_data_file = "./defaults.cfg"
}

# Provisioning - Setup Ballerine
build {
sources = ["source.amazon-ebs.ballerine-aws-ami"]

provisioner "ansible" {
user = "ballerine"
playbook_file = "../ansible/ballerine_playbook/ballerine-playbook.yml"
extra_arguments = ["--skip-tags", "deploy"]
}
}

0 comments on commit 9ffca89

Please sign in to comment.